v1.16.0
Minor Changes
-
1333721: Add ContentScanner for SKILL.md security scanning
Changes:
- New
ContentScannermodule with 6 detection rules: prompt injection, data exfiltration, content obfuscation, sensitive file access, stealth instructions, and oversized content - Context-aware scanning: skips safe zones (frontmatter, code blocks, blockquotes, inline code, quoted text) to reduce false positives
- Configurable via
ScannerOptions: override rule levels, disable rules, add custom rules - Integrated into
reskill publish— high-risk content blocks publishing, medium-risk shows warnings --dry-runalso runs content scan for author self-checking- New subpath export
reskill/scannerfor lightweight server-side usage
新增 ContentScanner,用于 SKILL.md 内容安全扫描
变更:
- 新增
ContentScanner模块,包含 6 类检测规则:prompt injection、数据泄露、内容混淆、敏感文件访问、隐蔽指令、超大内容 - 上下文感知扫描:自动跳过安全区域(frontmatter、代码块、引用、行内代码、引号内文本),降低误报率
- 支持通过
ScannerOptions配置:覆盖规则等级、禁用规则、添加自定义规则 - 集成到
reskill publish:高风险内容阻止发布,中风险显示警告 --dry-run模式也执行扫描,方便作者自检- 新增子路径导出
reskill/scanner,供服务端轻量引入
- New
Patch Changes
-
179193f: Add Chinese pattern detection for prompt-injection and stealth-instructions rules
Changes:
- Add 11 Chinese regex patterns to prompt-injection rule (high risk)
- Add 6 Chinese patterns + 1 safe exclusion to stealth-instructions rule (medium risk)
- Fix multilingual bypass vulnerability where Chinese translations of malicious content bypassed all detection
为 prompt-injection 和 stealth-instructions 规则添加中文模式检测
变更:
- prompt-injection 规则新增 11 条中文正则匹配(高风险)
- stealth-instructions 规则新增 6 条中文匹配 + 1 条安全排除(中风险)
- 修复多语言绕过漏洞:中文翻译的恶意内容可完全绕过检测